asp.net - Integrated Windows Authentication & SSL -
I have an administrative website on our intranet which currently supports integrated Windows authentication via IIS < uses it. We want to take this application to a public website and secure it with SSL, so that our users can access it from anywhere.
I was planning to redirect http to https to use the HTTPS module but it does not work with integrated authentication (login popup appears before redirect).
Am I stuck at the "Need SSL" checkbox in IIS?
What will you do in this situation?
This does not appear to be user-friendly because the user gets a good fat error page if they forget to use https URL. >
We had similar problems on our intranet site and integrated Windows to request your network username / password directly. Switching from authentication was finished on the site This way we can redirect them to HTTPS or other such things when authentication displays popups.
We have such a code (assuming you are using ASP.NET) which authenticates the user, and then we store the authentication status in a cookie.
Public Static Bull AuthenticateUser (String Username, String Password) {System.DirectoryServices.DirectoryEntry _entry = New System.DirectoryServices.DirectoryEntry (ldap_path, Username, Password, System.DirectoryServices.AuthenticationTypes. Delegation); Bool _authenticated = false; Try {object_o = _entry.NativeObject; _authenticated = true; } Hold {_authenticated = false; } Finally many connections to {// server} are avoided by "permission" error _entry.Close (); _entry.Dispose (); } Return _authenticated; }
It protects us greatly from headache and frustration by handling all certification in the application based on IIS.
Comments
Post a Comment